Would you facecheck a bush? Would you chase an enemy champion into an unwarded jungle? Would you fight Baron Nashor alone?
The answer to these questions is, of course, no. Sometimes, we answer yes to all of those, often to disastrous results. After all, most of us are human!
Your account security is exactly like that. Very often we are presented with tempting choices that seem good at the time, but end up having terrible consequences. The following guide won’t help you take on Zyra mid, but it should make you more aware of potential threats to account security.
Good Security Practices
Choose a secure password!
"Of all your possessions, I am the hardest to guard. If you have me, you will want to share me. If you share me, you no longer have me. What am I?" – Doran
You should think carefully about choosing your password. Your password should not be easy to guess, even to someone who knows you well. Also, keep in mind the existence of “brute force” programs, which use a set of words to generate possible passwords in order to attempt logging in to an account. Here are a few handy tips that should help you with choosing a secure password:
- Your password should not contain words from any dictionary; this includes words spelled backwards. Dictionaries are often used to generate a list of possible passwords from common words and terms.
- Use a combination of letters, numbers, special characters, spaces and capitalization but keep in mind that their distribution is also very important. For example, "password123" is not very secure, but "bLu3!p8P3py" is extremely difficult to guess.
- The longer the password, the less the chances that someone may be able to guess it. We recommend that you create a password that uses as many characters as possible.
- Many programs can detect common number/letter replacements (e.g. 5 for an S, 3 for an E, 1 for an I etc.) so try and avoid these when creating your password. Also try to avoid using keyboard sequences (e.g. 1234, qwert, zxasqw, asdasd, etc.) as these are commonly used to create passwords and are therefore often used by “Brute Force” programs.
- We recommend that you do not use your account name or summoner name in your password, as if it is followed by numbers, special characters or other words it will make it easier to guess. Finally try to use a unique password that is different from any of your other passwords (email account, social media websites, online bank account, other online game accounts, etc).
- There are some good open source password managers that might help you keep track of various passwords and while we do not endorse or support a particular password manager, here is an example of such program:
Should you wish to update your password using these tips, here is a guide that will explain how to do it. If you have forgotten your password or believe it may have been changed, here are instructions on how to recover it.
Keep Your Antivirus Software Active and Updated!
“A PC without an antivirus is like a fortress with its gates unbarred and unguarded.” – Xin Zhao
Antivirus software helps you fight against viruses and other malicious third party programs (i.e. key-loggers and Trojans). While Riot Games does not endorse or recommend any particular antivirus program, here is an example of a program that will prevent you from acquiring harmful malware:
Keep Your Operating System Updated
"You belong in a museum!" - Ezreal
Keeping your OS current ensures that critical security updates are installed to combat against nasty online critters. Click here to visit Microsoft’s update website to download the latest update!
If you are using a Mac, open the Apple Menu and select "Software updates" to download and apply the latest update to your Mac OS.
Be careful with shared systems!
"Mundo will go where he pleases!" - Dr. Mundo
- Use of public computers, such as those at hotels and internet cafés, significantly increases the risk of your personal information becoming compromised. Your password can be compromised by simply logging in from one of these shared systems in the event that harmful software has been installed.
- If you've played on a shared system before, you should consider changing your password just in case.
- If you use a shared computer regularly, be sure to log out when you are done!
Bad Security Practices
Do Not Share Your Account Information!
"Two tigers cannot share one mountain.” – Nidalee
Friends and Family
- Maybe your friend wants to try out a new champion, or perhaps you want to share the account in order to maximize your IP gain. Unfortunately, other people are unlikely to be as diligent with your account as you would be. This might lead to a compromised account that we might not be able to recover or even a Tribunal suspension! Here is an example:
Free RP offers
- The only source for purchasing RP is through the in-game store, so beware of scams similar to the ones below:
- The frustration of losing games when it happens due to circumstances outside of your control is completely understandable, but purchasing services of an Elo booster is generally more trouble than it’s worth. You are exposing your account to a potential compromise at the hands of an internet stranger and you have no way to recover your money in case the Elo booster does not live up to their end of the bargain, even if the offer is tempting, like shown below:
- For the same reason as above, account trading should be avoided as you will have no way to reverse the transaction if the deal goes bad. Also, since the original account owner will have knowledge of creation details, it is possible that they might even be able to recover the account via Player Support! Do not be tempted by dubious offers, like the one shown below:
Beware of Scamming or Phishing Attempts!
Click here to view Microsoft’s own guide to phishing prevention, which contains some great phishing-prevention tips for any active user of the internet. Some of the more common ways that scammers/phishers initiate contact with victims include:
- Email – Phishing emails are usually designed to emulate official company communications, often employing spoofed sender addresses along with the sender’s common formatting to fool users into clicking on malicious web links. To verify an email is actually from Riot Games, click here.
- Social Media – Phishers might contact you through Facebook, Twitter, LinkedIn, IM/chat (both in game and 3rd party, such as TeamSpeak or Skype), and etc. Remember, the Internet is full of strangers!
- Online Auction Houses Buying codes or skins from third-party sellers is a huge risk and many such offers turn out to be scams, as the seller has the advantage of anonymity and risks very little in the scamming attempt.
- Forums – Messages containing malicious links or scams can exist on any forum or other means of online communication. Exercise caution when chatting with others online.
- Other Websites – Some websites that ask you for login credentials are actually traps designed to steal your information using some type of web form. Others may be bombarding your computer with malware, which, without proper antivirus software, can harm your computer and endanger your account.
Support for Compromised Accounts
"Tactical decision, summoner!" - Lux
If you believe your account has been compromised, don’t panic! Take a deep breath and follow the checklist below:
- If you believe your account was compromised through phishing, or through an online scam: Update all the passwords you use for online accounts such as e-mail, social media, billing websites, and other video games. This is especially important if any of these passwords are the same as your League of Legends account.
- If you believe your account was compromised by a virus or Trojan: Immediately use your anti-virus program to scan and remove any unwanted programs from your computer. If you need a free anti-virus program then you can click here to download Avast! For more information on how to remove viruses, you can click here to visit Microsoft’s guide.
- If the hijacker contacts you with a ransom request, do not give in to the hijacker's demands! Treat this situation as you would any scam attempt mentioned above - chances are that the hijacker is only trying to exploit the situation further.
- Once your computer and existing accounts are secure, contact Player Support. Please be sure to include the following information:
- Account Name (the name you log into the LoL client with):
- Summoner Name (the name your friends see in-game):
- The server you play on (NA, EU-West or EU-Nordic/East):
- When was the last time that you had access to the account (Month/Day/Year):
- Creation date of the account (Month and Year):
- Original email address used to register the account:
- Location where you registered the account (City and Country):
- List of locations that you have played on this account(City and Country):
- Last IP address used to play League of Legends - http://whatsmyip.net/
- Internet Service Provider (ISP)/Internet Carrier when registering the account:
- Other people who have ever had access to the account:
- How did you first come into possession of the account:
- Location of RP purchases (City and Country):
- Approximate dates of most recent RP purchases:
- Email address linked to PayPal account:
- Unique PayPal transaction IDs associated with purchase(s):
- Phone number(s), mobile provider, and country used for SMS transactions:
- Any PaySafe Card PIN/Transaction IDs:
- Any Prepaid RP card PINs:
- The last 4 digits and expiration date of any credit card(s) used to purchase RP:
- Any transaction or confirmation numbers received via email for this account:
You can find more information about recovering your account here as well.
We will do our best to get you back on the Fields of Justice in no time!